Articles

Justice Department takes another run at encryption backdoors with…

lead centered=”no”
Law enforcement officials and experts on the distribution of child pornography gathered on Friday to make the emotional, if not technological, case that tech companies should open up their encryption schemes to police investigating crimes.
/lead

Following in the footsteps of former FBI Director James Comey and other top law enforcement officials, Attorney General William Barr is taking a swing at the growing prevalence of encryption across the digital landscape, with a particular renewed focus on the rising number of communications apps that are offering end-to-end encryption. On Thursday, the Justice Department published an open letter to Facebook CEO Mark Zuckerberg asking the social media giant not to proceed with its end-to-end encryption for its messaging services without providing law enforcement court-authorized access to the content of communications.

The letter, signed by the Attorney General, United Kingdom Home Secretary Priti Patel, Australia’s Minister for Home Affairs Peter Dutton, and Acting Homeland Security Secretary Kevin McAleenan, came on the same day the U.S. and UK governments entered into the world’s first ever CLOUD Act Agreement. The agreement, according to the Justice Department, “will allow American and British law enforcement agencies, with appropriate authorization, to demand electronic data regarding serious crime.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

CISA’s Krebs seeks more measured approach to election security…

lead centered=”no”
The Cybersecurity and Infrastructure Security Agency director says overhyped concern is a problem, while election officials say they reap the benefits of improved communications.
/lead

Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and — as the Mueller report most recently documented with a few new twists — actual efforts to hack into state elections systems, it’s no surprise that election security under the rubric of “Protect 2020” was a key theme running throughout the Cybersecurity and Infrastructure Security Agency’s (CISA) second annual Cybersecurity Summit.

Even so, CISA Director Christopher Krebs kicked off the summit by cautioning against the fearful language and overwrought concerns currently surrounding the topic of election security. “We’ve got to be more straightforward, more measured, more reasonable in how we talk about things. Election security is a great example. Are there true, absolute, fundamental risks in the infrastructure? Yes, but we have to take the hysteria out of the conversation because ultimately what we do is we drive broader voter confidence down,” he said.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

What is the CISA? How the new federal agency…

lead centered=”no”
The U.S. Congress created The Cybersecurity and Infrastructure Security Agency to identify threats, share information and assist with incident response in defense of the nation’s critical infrastructure.
/lead

The Cybersecurity and Infrastructure Security Agency (CISA) is a new federal agency, created to protect the nation’s critical infrastructure.

It was created through the Cybersecurity and Infrastructure Security Agency Act of 2018, which was signed into law on November 16, 2018. That legislation “rebranded” the Department of Homeland Security’s (DHS’s) National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency and transferred resources and responsibilities of NPPD to the newly created agency. Prior to the passage of the bill, NPPD managed almost all of DHS’s cybersecurity-related matters.

CISA is responsible for protecting the nation’s critical infrastructure from physical and cyber threats. Its mission is to “build the national capacity to defend against cyber attacks” and to work “with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the .gov networks that support the essential operations of partner departments and agencies.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New CISA director outlines top 5 priorities for protecting…

lead centered=”no”
CISA’s Christopher Krebs has a two-year plan for his new cybersecurity agency, with China, supply chain and 5G as top priorities.
/lead

Last November, the former, somewhat awkwardly named National Protection and Programs Directorate (NPPD) was elevated within the U.S. Department of Homeland Security (DHS) to become the Cybersecurity and Infrastructure Security Agency (CISA) following enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA is responsible for protecting the country’s critical infrastructure from physical and cyber threats, overseeing a host of cybersecurity-related activities. This includes operating the National Cybersecurity and Communications Integration Center (NCCIC), which provides round-the-clock situational awareness, analysis, incident response and cyber defense capabilities to the federal government, state, local, tribal and territorial governments, the private sector and international partners.

CISA made its first prominent mark as an independent agency during the 35-day government shut-down when, on January 22, it issued an unexpected, and to some a startling, emergency directive ordering admins at most government agencies to protect their domains against a wave of attacks on the domain name system infrastructure (DNS). The directive was prompted by a number of DNS tampering efforts at multiple executive branch agencies. This malicious, complex and widespread campaign, dubbed DNSpionage by Cisco Talos, allowed suspected Iranian hackers to steal massive amounts of email passwords and other sensitive data from government offices and private sector entities.

Christopher Krebs serves as CISA’s first director. Krebs previously headed the NPPD as assistant secretary for infrastructure protection and joined DHS as a senior counselor to the secretary after working in the U.S. Government Affairs team as the director for cybersecurity at Microsoft.

This article appeared in CSO Online. To read the rest of the article please visit here.